Contents

America is a trusting nation. When safeguarding personal information, we're inconsistent at best. Apart from occasional righteous indignation about government plans to centralize vital data, most of us are, on a day-to-day basis, incredibly cavalier with the information that makes us, financially and legally speaking, who we are. We fail to safeguard vital codes, numbers, and facts, blithely handing over credit cards to clerks or waiters who take them out of our sight or filling in online forms without considering who's receiving them or whether they really need the information they're requesting.

It's no wonder that identity theft is growing at such a phenomenal rate. According to a Federal Trade Commission (FTC) survey, one in eight respondents (12.7 percent) were victims of ID theft in the past five years. This equates to about 27 million Americans10 million of them in 2003 alone. The figures may even be low, because reporting hasn't kept pace with the crime and many ID thefts go undetected.

Such statistics can have a paralyzing effect: Feeling helpless, we decide there's no use worrying. Or we decide it won't happen to us and live accordingly, despite the fact that the FTC found that identity theft costs an average of $10,200 in money, goods, and services per incident.

Luckily, there are ways to minimize the risk of ID theft. If you have time to balance your checkbook, shop online, or apply for a passport, you have time to check up on your personal information and take action if something's amiss.

Such advice comes too late for Albert and Glenda Gray and Grey Todd, three people who face months, if not years, of work to clear their names, secure their finances, and restore their peace of mind. In truth, they will likely always be haunted by the fact that persons unknown to them have their personal information.

The Grays are a working couple with grown children. Understandably, given their ongoing struggles, they've asked that we withhold their ages and location. Like many victims of ID theft, they aren't certain how their identities were stolen. Their theory is that a credit card statement was taken from their unsecured mailbox in July 2002. However it happened, their first indication something was wrong was when they received a call in August 2002 from Consumer Fraud Control at Bank of America, the issuer of their credit card. The bank had noticed a change in the pattern of charges on the card and had received a change of address and phone number. Many victims aren't fortunate enough to get a warning. According to the Identity Theft Resource Center (ITRC), 85 percent of fraud victims find out about the crime months later, when they try to use their credit and identities to make purchases, establish new accounts, or secure loans.

Bank of America outlined the steps for documenting the crime. The Grays contacted the credit-reporting agencies Equifax, Experian, and TransUnion (although the FTC states that reporting to one also alerts the others) to place a fraud alert on their account. The agencies sent reports for the couple to check for discrepancies. Furthermore, the agencies will monitor their records for fraudulent activity in the future.

Next, the Grays tried to file a police report. Since the perpetrator used their identities to make purchases hundreds of miles away, their local police referred the couple to that city's police department. The city police, in turn, refused the Gray's report, so they tried their local department again, with no luck. It's not unusual for victims to find such resistance at government and local law enforcement agencies, collection companies, and businesses as they attempt to document their cases. The FTC advises persistence, including contacting your county sheriff's department or state police if your local police won't help.

The Grays didn't request a copy of their police report, so they're currently uncertain if one actually exists. They plan to rectify this oversight soon, as having copies to send to creditors and agencies helps establish one's case as a victim of fraud.

During the Grays' ordeal, Glenda kept records of all their correspondence. ID theft counselors advise victims to keep detailed logs; they also suggest tracking money spent (such as postage, phone calls, notarizations, and accountant and attorney's fees) as well.

The Grays did their homework, but the task is complex and they didn't get all the information they needed. Since their case involved mail theft, a federal offense, they should have contacted the U.S. Postal Service. Other contacts to notify are the Department of Motor Vehicles, the Social Security Administration, the FBI, and the FTC. The FTC offers an Affidavit of Identity Theft, which you can have notarized and then send to creditors and agencies. (For a detailed list of contacts, see our sidebar "Who Can Help Me?".)

Finally, all correspondence should be sent as Certified Mail with Return Receipt Request. The task of clearing your name is long and arduous. The ITRC reports that victims average 600 hours of work over periods of several months to over a year. Unfortunately, the Grays' odyssey has just begun. To add insult to injury, Albert's wallet was stolen in November 2003, and the thief is in possession of his Social Security number, driver's license, and new credit cards.

The Grays' case is a common, low-tech type of ID theft. The Web and the proliferation of e-mail have opened up new frontiers to the unscrupulous. Online auction fraud is the largest category of Internet-related complaints in the FTC's Consumer Sentinel database. Furthermore, criminals have found a new avenue for fraud via e-mail, a technique known as phishing. Phishing (also called carding or brand spoofing) is an e-mail scam using known logos from entities such as eBay, PayPal, and America Online to "phish" for personal information. The victim receives a legitimate-looking e-mail proclaiming problems with account information: "Just click on the link and provide some additional personal and financial information to clear up a few questions." Everything looks authentic, but you're actually being redirected to a site that's here one moment and gone the nexttaking your identity with it.

Grey Todd fell victim to a PayPal e-mail scam in November 2003. This computer-literate businessman (who has also requested that we print no other personal information about him) was involved in a financial transaction using PayPal. When Grey received the "PayPal" phishing message from an old company e-mail account, he acted immediately and provided very personal information, including his Social Security number and ATM PIN. After the transaction, he grew suspicious and contacted PayPal directly and was informed that he'd been scammed.

Those who are responsible for phished messages use psychological tactics to prey on their victims. They use the name of a familiar company and create a sense of urgency that gets people to act quickly. Always remember that companies like PayPal and eBay never send e-mails asking for account information.

By now you're hopefully asking yourself what steps you can take to protect your identity. While you can never completely safeguard your identity, there are common ways to distance yourself from the crime. As they say on The X-Files, "Trust no one"at least not when it comes to your personal information.

 Be suspicious of transactions you didn't initiate.

 Ask yourself if you really need to provide your Social Security number, and don't carry your Social Security card.

 Opt in for credit agencies' periodic credit watches. It's not free, but it might buy you some peace of mind.

 Take the contents of your wallet out and photocopy everything, front and back. Keep the copies in a secure place.

 When you get a new credit card, sign it immediately.

 Of course, your mailbox is an invitation to thieves. Get a locking mailbox, retrieve your mail immediately after delivery, or get a post office box. Never leave outgoing mail in your unprotected box for collection.

 When ordering checks, omit your driver's license number, Social Security number, and consider using only the initials of your first and middle name. And if possible, pick up your checks in-person instead of having them mailed.

 During all in-person transactions, watch the people you give your credit cards to carefully.

 If you use your credit cards online, be sure to navigate directly to the retailer's site. Avoid following links in e-mails, even to donate to your favorite cause.

 When buying or donating online, look for Secure Sockets Layer (SSL) protection. A padlock in the bottom right-hand corner of your browser isn't enough. Check the URL for https:// (the s is for secure) and beware of pop-up forms. Look for businesses and organizations that follow safe online and e-mail practices and feature certifications from groups such as TrustE or ScanAlert. Note, however, that this isn't foolproof. (For more information, see the Solutions feature "Should You Trust TrustE?" in our issue of February 17.)

 Shred all documents that contain any personal information before throwing them away. Dumpster diving isn't just about finding quirky furniture; it's also a favorite pursuit of ID thieves.

 Finally, keep records of all online purchases, including dates and order numbers. Keep all credit card receipts and compare them against your monthly statements. Better yet, sign up to view your account online and track it on a daily or weekly basis.

These simple steps could save you hours (or even months) of blood, toil, tears, and sweat. Even though the ITRC reports that victims are finding out about stolen IDs sooner, it's taking them longer to eliminate negative information from their credit reports. And sometimes there are darker consequences. If a thief uses your name in committing a crime, you may find yourself on a wanted list.

In the end, as consumers, we can minimize our risks but not eliminate them. Even if we are vigilant, we're still vulnerable to errant business and government practices. Easy credit, vulnerable databases, and trash with unshredded sensitive information are just a few things that put us all at risk. It will take a concerted and sustained effort by individuals, governments, and businesses to get the upper hand with the ID thieves. Until then, continue to worry.

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.